Blob Blame History Raw
diff -up jss-4.2.6/mozilla/security/jss/build_java.pl.cfuOrig jss-4.2.6/mozilla/security/jss/build_java.pl
--- jss-4.2.6/mozilla/security/jss/build_java.pl.cfuOrig	2012-03-19 17:48:57.615048000 -0700
+++ jss-4.2.6/mozilla/security/jss/build_java.pl	2012-03-19 17:48:53.250052000 -0700
@@ -19,6 +19,7 @@ org.mozilla.jss.crypto.Algorithm
 org.mozilla.jss.crypto.EncryptionAlgorithm      
 org.mozilla.jss.crypto.PQGParams     
 org.mozilla.jss.crypto.SecretDecoderRing
+org.mozilla.jss.asn1.ASN1Util
 org.mozilla.jss.pkcs11.CertProxy        
 org.mozilla.jss.pkcs11.CipherContextProxy 
 org.mozilla.jss.pkcs11.PK11Module 
diff -up jss-4.2.6/mozilla/security/jss/lib/config.mk.cfuOrig jss-4.2.6/mozilla/security/jss/lib/config.mk
--- jss-4.2.6/mozilla/security/jss/lib/config.mk.cfuOrig	2012-03-19 17:48:57.535048000 -0700
+++ jss-4.2.6/mozilla/security/jss/lib/config.mk	2012-03-19 17:48:53.264052000 -0700
@@ -44,6 +44,7 @@ SHARED_LIBRARY_DIRS = \
     ../org/mozilla/jss/SecretDecoderRing \
     ../org/mozilla/jss \
     ../org/mozilla/jss/pkcs11 \
+    ../org/mozilla/jss/asn1 \
     ../org/mozilla/jss/ssl \
     ../org/mozilla/jss/util \
     ../org/mozilla/jss/provider/java/security \
diff -up jss-4.2.6/mozilla/security/jss/lib/jss.def.cfuOrig jss-4.2.6/mozilla/security/jss/lib/jss.def
--- jss-4.2.6/mozilla/security/jss/lib/jss.def.cfuOrig	2012-03-19 17:48:57.362048000 -0700
+++ jss-4.2.6/mozilla/security/jss/lib/jss.def	2012-03-19 17:48:53.278052000 -0700
@@ -333,6 +333,7 @@ Java_org_mozilla_jss_CryptoManager_OCSPC
 Java_org_mozilla_jss_CryptoManager_setOCSPTimeoutNative;
 Java_org_mozilla_jss_CryptoManager_verifyCertificateNowNative;
 Java_org_mozilla_jss_CryptoManager_verifyCertificateNowCUNative;
+Java_org_mozilla_jss_asn1_ASN1Util_getTagDescriptionByOid;
 ;+    local:
 ;+       *;
 ;+};
diff -up jss-4.2.6/mozilla/security/jss/lib/rules.mk.cfuOrig jss-4.2.6/mozilla/security/jss/lib/rules.mk
--- jss-4.2.6/mozilla/security/jss/lib/rules.mk.cfuOrig	2012-03-19 17:48:57.574049000 -0700
+++ jss-4.2.6/mozilla/security/jss/lib/rules.mk	2012-03-19 17:48:53.288052000 -0700
@@ -41,6 +41,7 @@ release_sanitize::
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsscrypto$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jssmanage$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsspkcs11$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
+	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jssasn1$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jsspolicy$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jssssl$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(DLL_PREFIX)jssutil$(DYNAMIC_LIB_EXTENSION)$(DYNAMIC_LIB_SUFFIX)
@@ -48,6 +49,7 @@ ifeq ($(OS_ARCH),WINNT)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsscrypto$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jssmanage$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsspkcs11$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
+	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jssasn1$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jsspolicy$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jssssl$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
 	-rm $(SOURCE_RELEASE_PREFIX)/$(SOURCE_RELEASE_LIB_DIR)/$(IMPORT_LIB_PREFIX)jssutil$(IMPORT_LIB_EXTENSION)$(IMPORT_LIB_SUFFIX)
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/ASN1Util.c.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/ASN1Util.c
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/ASN1Util.c.cfuOrig	2012-03-19 17:48:57.381048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/ASN1Util.c	2012-03-19 17:51:32.433893000 -0700
@@ -0,0 +1,97 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape Security Services for Java.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+#include "_jni/org_mozilla_jss_asn1_ASN1Util.h"
+#include <pk11func.h>
+#include <nspr.h>
+#include <seccomon.h>
+#include <key.h>
+#include <secitem.h>
+
+#include <jssutil.h>
+#include <java_ids.h>
+#include <jss_exceptions.h>
+#include <Algorithm.h>
+
+/***********************************************************************
+ *
+ * Java_org_mozilla_jss_asn1_ASN1Util_getTagDescriptionByOid
+ *     retrieves OID description by NSS's OID Tag identifier
+ *     the OID byte array is expected to be without the OID Tag (6) and size
+ *        (together 2 bytes)
+ */
+JNIEXPORT jstring JNICALL
+Java_org_mozilla_jss_asn1_ASN1Util_getTagDescriptionByOid(JNIEnv *env, jobject this, jbyteArray oidBA)
+{
+    SECItem *oid = NULL;
+    SECOidTag oidTag = SEC_OID_UNKNOWN;
+    char *oidDesc = NULL;
+    jstring description= "";
+
+    if (oidBA == NULL) {
+        JSS_throwMsg(env, INVALID_PARAMETER_EXCEPTION,
+            "JSS getTagDescriptionByOid: oidBA null");
+        goto finish;
+    } else {
+        /**************************************************
+         * Setup the parameters
+         *************************************************/
+        oid = JSS_ByteArrayToSECItem(env, oidBA);
+        if (oid == NULL) {
+            JSS_throwMsg(env, INVALID_PARAMETER_EXCEPTION,
+                "JSS getTagDescriptionByOid: JSS_ByteArrayToSECItem failed");
+            goto finish;
+        }
+
+        /*
+         * SECOID_FindOIDTag() returns SEC_OID_UNKNOWN if no match
+         */
+        oidTag = SECOID_FindOIDTag(oid);
+        if (oidTag == SEC_OID_UNKNOWN) {
+            JSS_throwMsg(env, INVALID_PARAMETER_EXCEPTION,
+                "JSS getTagDescriptionByOid: OID UNKNOWN");
+            goto finish;
+        }
+
+        oidDesc = SECOID_FindOIDTagDescription(oidTag);
+        if (oidDesc == NULL) {
+            oidDesc = "";
+        }
+        description = (*env)->NewStringUTF(env, oidDesc);
+    }
+
+finish:
+    return description;
+}
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/ASN1Util.java.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/ASN1Util.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/ASN1Util.java.cfuOrig	2012-03-19 17:48:57.119048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/ASN1Util.java	2012-03-19 18:03:20.766186000 -0700
@@ -36,6 +36,8 @@
 package org.mozilla.jss.asn1;
 
 import java.io.*;
+import java.util.Arrays;
+
 import org.mozilla.jss.asn1.InvalidBERException;
 import org.mozilla.jss.util.Assert;
 
@@ -114,4 +116,71 @@ public class ASN1Util {
             numRead += nr;
         }
     }
+
+    /**
+     * returns the ECC curve byte array given the X509 public key byte array
+     *
+     * @param X509PubKeyBytes byte array of an X509PubKey
+     * @param withHeader tells if the return byes should inclulde the tag and size header or not
+     */
+    public static byte[] getECCurveBytesByX509PublicKeyBytes(byte[] X509PubKeyBytes,
+        boolean withHeader)
+        throws IllegalArgumentException, ArrayIndexOutOfBoundsException,
+               NullPointerException
+    {
+        if ((X509PubKeyBytes == null) || (X509PubKeyBytes.length == 0)) {
+            throw new IllegalArgumentException("X509PubKeyBytes null");
+        }
+
+        /* EC public key OID complete with tag and size */
+        byte[] EC_PubOIDBytes_full =
+            ASN1Util.encode(OBJECT_IDENTIFIER.EC_PUBKEY_OID);
+
+        /* EC public key OID without tag and size */
+        byte[] EC_PubOIDBytes =
+            Arrays.copyOfRange(EC_PubOIDBytes_full, 2, EC_PubOIDBytes_full.length);
+
+        int curveBeginIndex = 0;
+        for (int idx = 0; idx<= X509PubKeyBytes.length; idx++) {
+            byte[] tmp = 
+                Arrays.copyOfRange(X509PubKeyBytes, idx, idx+EC_PubOIDBytes.length);
+            if (Arrays.equals(tmp, EC_PubOIDBytes)) {
+                curveBeginIndex = idx+ EC_PubOIDBytes.length;
+                break;
+            }
+        }
+
+        int curveByteArraySize = (int) X509PubKeyBytes[curveBeginIndex+ 1];
+
+        if (withHeader) {
+            /* actual curve with tag and size */
+            byte curve[] = Arrays.copyOfRange(X509PubKeyBytes, curveBeginIndex, curveBeginIndex + curveByteArraySize + 2);
+            return curve;
+        } else {
+            /* actual curve without tag and size */
+            byte curve[] = 
+                Arrays.copyOfRange(X509PubKeyBytes, curveBeginIndex + 2,
+                    curveBeginIndex + 2 + curveByteArraySize);
+            return curve;
+        }
+    }
+
+    /**
+     * getOIDdescription() returns a text description of the OID
+     *     from OID byte array
+     * the OID byte array is expected to be without the OID Tag (6) and size
+     *    (together 2 bytes)
+     */
+    public static String
+    getOIDdescription(byte[] oidBA) {
+        return getTagDescriptionByOid(oidBA);
+    }
+
+    /**
+     * get OID description JNI method
+     */
+    private native static String
+    getTagDescriptionByOid(byte[] oidBA);
+
+
 }
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/Makefile.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/Makefile
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/Makefile.cfuOrig	2012-03-19 17:48:57.467048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/Makefile	2012-03-19 17:48:53.348052000 -0700
@@ -57,7 +57,7 @@ include $(CORE_DEPTH)/$(MODULE)/config/c
 #######################################################################
 # (4) Include "local" platform-dependent assignments (OPTIONAL).      #
 #######################################################################
-#include config.mk
+include config.mk
 
 
 #######################################################################
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java.cfuOrig	2012-03-19 17:48:57.178048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/OBJECT_IDENTIFIER.java	2012-03-19 17:48:53.364052000 -0700
@@ -52,6 +52,12 @@ public class OBJECT_IDENTIFIER implement
     ///////////////////////////////////////////////////////////////////////
 
     /**
+     * The OID space for EC
+     */
+    public static final OBJECT_IDENTIFIER EC_PUBKEY_OID =
+        new OBJECT_IDENTIFIER( new long[]{1, 2, 840, 10045, 2, 1} );
+
+    /**
      * The OID space for RSA Data Security, Inc.
      */
     public static final OBJECT_IDENTIFIER RSADSI =
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/config.mk.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/config.mk
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/config.mk.cfuOrig	2012-03-19 17:48:57.398048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/config.mk	2012-03-19 17:48:53.381052000 -0700
@@ -0,0 +1,41 @@
+# 
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape Security Services for Java.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1998-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+TARGETS=$(LIBRARY)
+SHARED_LIBRARY=
+IMPORT_LIBRARY=
+
+NO_MD_RELEASE = 1
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/manifest.mn.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/manifest.mn
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/manifest.mn.cfuOrig	2012-03-19 17:48:57.434048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/asn1/manifest.mn	2012-03-19 17:48:53.401052000 -0700
@@ -41,6 +41,8 @@ MODULE = jss
  
 NS_USE_JDK = 1
 
+REQUIRES =      nspr20 nss
+
 PACKAGE =       org/mozilla/jss/asn1
 
 CLASSES = 											\
@@ -112,3 +114,9 @@ JSRCS = 											\
             UTCTime.java                            \
             UTF8String.java                         \
 			$(NULL)
+
+CSRCS =                             \
+            ASN1Util.c     \
+            $(NULL)
+
+LIBRARY_NAME = jssasn1
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/manifest.mn.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/manifest.mn
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/manifest.mn.cfuOrig	2012-03-19 17:48:57.502048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/manifest.mn	2012-03-19 17:48:53.413052000 -0700
@@ -48,6 +48,7 @@ DIRS =	\
 	crypto	\
     SecretDecoderRing \
 	pkcs11	\
+    asn1   \
     ssl     \
     provider \
 	$(NULL)
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPublicKey.java.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPublicKey.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPublicKey.java.cfuOrig	2012-03-19 17:48:57.238048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11ECPublicKey.java	2012-03-19 17:48:53.432052000 -0700
@@ -61,15 +61,29 @@ public final class PK11ECPublicKey exten
 //      }
 //    }
 //
-//    public BigInteger getW() {
-//      try {
-//        return new BigInteger( getWByteArray() );
-//      } catch(NumberFormatException e) {
-//        Assert.notReached("Unable to decode DSA public value");
-//        return null;
-//      }
-//    }
-//
-//    private native byte[] getCurveByteArray();
-//    private native byte[] getWByteArray();
+
+    public BigInteger getCurve() {
+      try {
+        return new BigInteger( getCurveByteArray() );
+      } catch(NumberFormatException e) {
+       Assert.notReached("Unable to decode EC curve");
+       return null;
+      }
+    }
+
+    public byte[] getCurveBA() {
+        return getCurveByteArray();
+    }
+
+    public BigInteger getW() {
+      try {
+        return new BigInteger( getWByteArray() );
+      } catch(NumberFormatException e) {
+        Assert.notReached("Unable to decode EC public value");
+        return null;
+      }
+    }
+
+    private native byte[] getCurveByteArray();
+    private native byte[] getWByteArray();
 }
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c.cfuOrig	2012-03-19 17:48:57.272048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.c	2012-03-19 17:48:53.450052000 -0700
@@ -450,6 +450,14 @@ Java_org_mozilla_jss_pkcs11_PK11KeyWrapp
             numAttribs = 4;
         }
 	break;
+    case CKK_EC:
+        numAttribs = 1;
+        attribs[0] = CKA_SIGN;
+        if (isExtractable) {
+            attribs[1] = CKA_EXTRACTABLE;
+            numAttribs = 2;
+        }
+	break;
     case CKK_DSA:
         attribs[0] = CKA_SIGN;
         numAttribs = 1;
@@ -460,11 +468,6 @@ Java_org_mozilla_jss_pkcs11_PK11KeyWrapp
         attribs[0] = CKA_DERIVE;
         numAttribs = 1;
 	break;
-    case CKK_EC:
-        attribs[0] = CKA_SIGN;
-        attribs[1] = CKA_DERIVE;
-        numAttribs = 2;
-	break;
     default:
         /* unknown key type */
         PR_ASSERT(PR_FALSE);
@@ -479,7 +482,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyWrapp
                 attribs, numAttribs, NULL /*wincx*/);
     if( privk == NULL ) {
         char err[256] = {0};
-        PR_snprintf(err, 256, "Key Unwrap failed on token:%d", PR_GetError());
+        PR_snprintf(err, 256, "Key Unwrap failed on token:error=%d, keyType=%d", PR_GetError(), keyType);
         JSS_throwMsg(env, TOKEN_EXCEPTION, err);
         goto finish;
     }
diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java.cfuOrig jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java
--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java.cfuOrig	2012-03-19 17:48:57.298048000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java	2012-03-19 17:48:53.471052000 -0700
@@ -459,13 +459,19 @@ final class PK11KeyWrapper implements Ke
         if( type == PrivateKey.RSA ) {
             if( !(publicKey instanceof RSAPublicKey)) {
                 throw new InvalidKeyException("Type of public key does not "+
-                    "match type of private key");
+                    "match type of private key which is RSA");
             }
             return ((RSAPublicKey)publicKey).getModulus().toByteArray();
+        } else if(type == PrivateKey.EC) {
+            if( !(publicKey instanceof PK11ECPublicKey) ) {
+                throw new InvalidKeyException("Type of public key does not "+
+                    "match type of private key which is EC");
+            }
+            return ((PK11ECPublicKey)publicKey).getW().toByteArray();
         } else if(type == PrivateKey.DSA) {
             if( !(publicKey instanceof DSAPublicKey) ) {
                 throw new InvalidKeyException("Type of public key does not "+
-                    "match type of private key");
+                    "match type of private key which is DSA");
             }
             return ((DSAPublicKey)publicKey).getY().toByteArray();
         } else {